OTL logfile created on: 31/5/2013 4:46:55 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ekram\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00004409 | Country: Malaysia | Language: ENM | Date Format: d/M/yyyy 3.87 Gb Total Physical Memory | 1.78 Gb Available Physical Memory | 45.93% Memory free 7.73 Gb Paging File | 4.77 Gb Available in Paging File | 61.71% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 283.34 Gb Total Space | 109.53 Gb Free Space | 38.66% Space Free | Partition Type: NTFS Unable to calculate disk information. Computer Name: EKRAM-PC | User Name: ekram | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2013/05/31 16:43:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ekram\Downloads\OTL.exe PRC - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2013/02/16 03:58:14 | 000,042,784 | ---- | M] (Yontoo LLC) -- C:\Users\ekram\AppData\Roaming\Yontoo\YontooDesktop.exe PRC - [2013/02/16 03:58:14 | 000,023,552 | ---- | M] (Microsoft) -- C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe PRC - [2012/12/15 15:49:25 | 000,308,368 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe PRC - [2012/08/23 00:44:53 | 000,210,944 | ---- | M] () -- C:\ProgramData\Codec\Codec.exe PRC - [2011/09/07 01:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe PRC - [2011/08/18 23:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe PRC - [2011/08/18 23:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe PRC - [2011/08/02 01:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe PRC - [2011/04/01 16:31:38 | 002,271,608 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE PRC - [2010/07/22 09:03:48 | 001,625,088 | ---- | M] (SMART-SOFT) -- C:\Program Files (x86)\TrafInsp\Agent\trafinspag.exe PRC - [2010/03/18 05:37:16 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010/03/18 05:34:12 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010/02/21 20:52:32 | 001,992,008 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe PRC - [2010/02/21 20:52:32 | 000,095,560 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe PRC - [2010/02/21 20:52:00 | 002,409,800 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe PRC - [2010/02/10 02:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe PRC - [2009/12/30 05:35:38 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe PRC - [2009/12/24 06:39:04 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2009/12/24 06:39:02 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2009/10/15 16:10:44 | 001,169,904 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe PRC - [2009/10/15 16:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe PRC - [2009/07/02 07:54:04 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe PRC - [2009/06/25 05:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe PRC - [2009/06/09 22:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe PRC - [2009/05/21 21:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe PRC - [2009/05/21 21:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe PRC - [2008/06/29 01:23:04 | 001,261,056 | ---- | M] () -- C:\Program Files (x86)\USBScan\USBScan.exe PRC - [2007/06/01 10:21:30 | 001,209,904 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe PRC - [2007/06/01 10:21:08 | 000,153,136 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2013/05/31 03:36:44 | 000,013,600 | ---- | M] () -- C:\Users\ekram\AppData\Roaming\Yontoo\dat\Desktop.OS.Plugin.dll MOD - [2013/05/16 04:17:14 | 002,297,856 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\3c2ed368e1f3889997dfb42a5ca77284\System.Core.ni.dll MOD - [2013/05/16 03:09:21 | 014,340,608 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af525b4bec3b9941b7be8ffbf813da80\PresentationFramework.ni.dll MOD - [2013/05/16 03:09:06 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll MOD - [2013/05/16 03:08:54 | 012,237,824 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7eac0dbe9aa20b55e37235f8ee030e6b\PresentationCore.ni.dll MOD - [2013/05/16 03:08:38 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll MOD - [2013/05/16 03:08:19 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll MOD - [2013/02/14 03:14:08 | 001,840,640 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\64cf6c356be66bb17c4667d6d8aa467b\System.Web.Services.ni.dll MOD - [2013/01/12 20:59:10 | 001,051,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll MOD - [2013/01/12 07:25:44 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll MOD - [2013/01/12 07:25:28 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013/01/12 07:24:56 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013/01/12 07:24:37 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013/01/12 07:24:33 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013/01/12 07:24:28 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2012/10/05 18:53:24 | 003,198,976 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll MOD - [2011/12/26 04:42:15 | 005,255,168 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll MOD - [2011/08/18 23:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe MOD - [2010/11/05 09:58:14 | 002,048,000 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll MOD - [2010/11/05 09:58:10 | 000,114,688 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll MOD - [2010/11/05 09:58:04 | 000,425,984 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll MOD - [2010/02/21 20:53:28 | 000,089,416 | ---- | M] () -- C:\Windows\SysWOW64\FAIEExtension.dll MOD - [2010/02/21 20:52:36 | 000,059,208 | ---- | M] () -- C:\Windows\SysWOW64\FAib.dll MOD - [2010/02/21 20:51:24 | 000,247,624 | ---- | M] () -- C:\Windows\SysWOW64\FACrashRpt.dll MOD - [2010/02/10 02:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe MOD - [2010/02/10 02:34:00 | 000,275,776 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll MOD - [2010/02/10 02:34:00 | 000,152,896 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll MOD - [2010/02/10 02:34:00 | 000,095,552 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll MOD - [2010/02/10 02:34:00 | 000,058,688 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll MOD - [2010/02/10 02:34:00 | 000,017,728 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll MOD - [2010/01/09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2009/10/15 16:10:44 | 001,169,904 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe MOD - [2009/10/15 16:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe MOD - [2009/10/15 16:10:16 | 000,588,272 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\BBEngineAS.dll MOD - [2009/09/28 13:52:34 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll MOD - [2008/06/29 01:23:04 | 001,261,056 | ---- | M] () -- C:\Program Files (x86)\USBScan\USBScan.exe [color=#E56717]========== Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2013/01/27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV:[b]64bit:[/b] - [2013/01/27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV:[b]64bit:[/b] - [2010/06/02 14:30:28 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:[b]64bit:[/b] - [2010/03/18 05:29:08 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe -- (AESTFilters) SRV:[b]64bit:[/b] - [2010/03/18 05:27:52 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\stacsv64.exe -- (STacSV) SRV:[b]64bit:[/b] - [2010/02/03 14:13:10 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc) SRV:[b]64bit:[/b] - [2009/11/03 01:48:18 | 000,126,352 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV:[b]64bit:[/b] - [2009/07/14 09:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:[b]64bit:[/b] - [2009/07/02 07:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV:[b]64bit:[/b] - [2009/06/09 22:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService) SRV - [2013/05/15 16:31:31 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2013/02/28 19:36:20 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011/08/18 23:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService) SRV - [2011/04/01 16:31:38 | 002,271,608 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2010/07/30 02:11:14 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/03/18 05:37:16 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010/03/18 05:34:12 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010/03/18 05:29:08 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe -- (AESTFilters) SRV - [2010/03/18 05:27:52 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\STacSV64.exe -- (STacSV) SRV - [2010/02/21 20:52:00 | 002,409,800 | ---- | M] (Sensible Vision ) [Auto | Running] -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe -- (FAService) SRV - [2009/12/24 06:39:04 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/05/21 21:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2013/01/20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:[b]64bit:[/b] - [2012/03/01 14:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2011/03/11 14:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2011/03/11 14:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2010/11/20 21:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2010/11/20 19:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:[b]64bit:[/b] - [2010/06/23 09:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:[b]64bit:[/b] - [2010/06/02 14:50:28 | 006,857,728 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:[b]64bit:[/b] - [2010/06/02 13:42:48 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:[b]64bit:[/b] - [2010/05/06 21:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:[b]64bit:[/b] - [2010/04/14 01:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt) DRV:[b]64bit:[/b] - [2010/04/12 16:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\windows\SysNative\drivers\scdemu.sys -- (SCDEmu) DRV:[b]64bit:[/b] - [2010/03/18 05:44:44 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:[b]64bit:[/b] - [2010/03/18 05:33:06 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:[b]64bit:[/b] - [2010/03/18 05:29:52 | 000,232,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:[b]64bit:[/b] - [2010/03/18 05:27:14 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:[b]64bit:[/b] - [2010/02/03 14:13:08 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY) DRV:[b]64bit:[/b] - [2010/02/03 14:13:08 | 000,020,984 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmvwl64.sys -- (BcmVWL) DRV:[b]64bit:[/b] - [2010/02/03 14:13:06 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:[b]64bit:[/b] - [2009/12/17 23:42:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:[b]64bit:[/b] - [2009/11/03 01:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:[b]64bit:[/b] - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009/07/09 16:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:[b]64bit:[/b] - [2009/07/03 14:26:34 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:[b]64bit:[/b] - [2009/07/03 14:26:34 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:[b]64bit:[/b] - [2009/07/03 14:26:34 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:[b]64bit:[/b] - [2009/07/03 14:26:34 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:[b]64bit:[/b] - [2009/06/16 02:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt) DRV:[b]64bit:[/b] - [2009/06/11 04:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:[b]64bit:[/b] - [2009/06/11 04:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:[b]64bit:[/b] - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:[b]64bit:[/b] - [2008/09/25 08:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\facap.sys -- (FACAP) DRV:[b]64bit:[/b] - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM) DRV:[b]64bit:[/b] - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb) DRV:[b]64bit:[/b] - [2006/11/02 01:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}: "URL" = http://www.searchqu.com/web?src=ieb&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?st=1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://malaysia.msn.com/?rd=1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4E AC 66 B9 79 4F CB 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = Yandex IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-search.com/?q={searchTerms}&affID=119776&babsrc=SP_ss&mntrId=7c4e86d400000000000070f1a1c9d00c IE - HKCU\..\SearchScopes\Yandex: "URL" = http://www.bing.com/search?q={searchTerms}&r=167 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\ekram\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\ekram\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\ekram\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@torrentstream.net/tsplugin,version=2.0.8.5.1: C:\Users\ekram\AppData\Roaming\TorrentStream\player\npts_plugin.dll (Innovative Digital Technologies) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\50350a503b766@50350a503b7a0.info: C:\Users\ekram\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\50350a503b766@50350a503b7a0.info [2012/08/23 00:44:16 | 000,000,000 | ---D | M] [2013/03/03 19:00:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ekram\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions [2012/08/23 00:44:16 | 000,000,000 | ---D | M] (Codecv) -- C:\Users\ekram\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\50350a503b766@50350a503b7a0.info [2012/01/09 07:24:18 | 000,000,000 | ---D | M] (Яндекс.Бар) -- C:\Users\ekram\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru [2013/03/03 18:34:03 | 000,213,444 | ---- | M] () (No name found) -- C:\Users\ekram\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\torntv@torntv.com.xpi [2013/03/03 18:34:57 | 000,001,294 | ---- | M] () -- C:\Users\ekram\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\delta.xml [2010/11/03 05:43:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2010/09/09 00:48:17 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010/04/12 14:01:50 | 000,005,495 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchquWebSearch.xml [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: Delta Search (Enabled) CHR - default_search_provider: search_url = http://www.delta-search.com/?q={searchTerms}&affID=119776&babsrc=SP_ss&mntrId=7c4e86d400000000000070f1a1c9d00c CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\ekram\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\ekram\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\ekram\AppData\Local\Google\Chrome\Application\27.0.1453.94\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Skype Toolbars (Enabled) = C:\Users\ekram\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft Windows Media Player Firefox Plugin (Enabled) = C:\Users\ekram\AppData\Roaming\Mozilla\plugins\np-mswmp.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - Extension: YouTube = C:\Users\ekram\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Codecv = C:\Users\ekram\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccedfkhdfkkppgghknlilangabelpnkj\1.0_0\ CHR - Extension: Google Search = C:\Users\ekram\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: http://www.facebook.com/index.php?lh=7ec222da = C:\Users\ekram\AppData\Local\Google\Chrome\User Data\Default\Extensions\gelmffnilamifkjkpciajapndpdjfofb\2013.5.29.20282_0\ CHR - Extension: Skype Click to Call = C:\Users\ekram\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\ CHR - Extension: Yontoo = C:\Users\ekram\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_1\ CHR - Extension: Gmail = C:\Users\ekram\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2009/06/11 05:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:[b]64bit:[/b] - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (FAIESSOHelper Class) - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision ) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC) O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3:[b]64bit:[/b] - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:[b]64bit:[/b] - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.) O4:[b]64bit:[/b] - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.) O4:[b]64bit:[/b] - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe () O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe () O4 - HKLM..\Run: [FAStartup] File not found O4 - HKLM..\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision ) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [trafinspag.exe] C:\Program Files (x86)\TrafInsp\Agent\trafinspag.exe (SMART-SOFT) O4 - HKLM..\Run: [USBScan.exe] C:\Program Files (x86)\USBScan\USBScan.exe () O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) O4 - HKCU..\Run: [BitTorrent] C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent, Inc.) O4 - HKCU..\Run: [Facebook Update] C:\Users\ekram\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe (ooVoo LLC) O4 - HKCU..\Run: [TorrentStream] C:\Users\ekram\AppData\Roaming\TorrentStream\engine\tsengine.exe () O4 - HKCU..\Run: [Video Library] C:\Users\ekram\AppData\Local\Temp\Rpcqt.dll (SmartSoft Ltd.) O4 - HKCU..\Run: [Yontoo Desktop] C:\Users\ekram\AppData\Roaming\Yontoo\YontooDesktop.exe (Yontoo LLC) O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell) O4 - Startup: C:\Users\ekram\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = File not found O4 - Startup: C:\Users\ekram\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:[b]64bit:[/b] - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:[b]64bit:[/b] - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:[b]64bit:[/b] - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:[b]64bit:[/b] - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O16:[b]64bit:[/b] - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16:[b]64bit:[/b] - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16:[b]64bit:[/b] - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {5EA13312-8764-496F-B4AB-F7A872B51E14} http://cdn03.oovoo.com/oovoomelink/oovoome/webvc/ooVooWeb.dll (ooVooWebCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B2ABFF46-5537-4652-803F-BA5058568B8B}: NameServer = 10.240.8.2,77.241.17.2 O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (Userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20:[b]64bit:[/b] - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found O20 - Winlogon\Notify\FastAccess: DllName - (C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll) - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll () O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013/05/31 05:07:51 | 000,000,000 | ---D | C] -- C:\0d2aea826edde8fbdb8b29e4c3a3 [2013/05/31 03:38:44 | 000,000,000 | ---D | C] -- C:\Users\ekram\AppData\Local\{0763F441-2D17-48D9-8DB3-4A71AB154D5E} [2013/05/30 14:19:38 | 000,000,000 | ---D | C] -- C:\Users\ekram\AppData\Local\{ECD96119-4947-47B9-A181-E59345F1B71A} [2013/05/29 15:25:06 | 000,000,000 | ---D | C] -- C:\Users\ekram\AppData\Local\{C7EC8E93-6DA5-4D41-A00B-772120A0A324} [2013/05/29 15:22:25 | 000,000,000 | ---D | C] -- C:\Users\ekram\AppData\Local\{827BC4C0-8BCF-4A3E-87B4-68C990504BBB} [2013/05/28 12:59:28 | 000,000,000 | ---D | C] -- C:\Users\ekram\AppData\Local\{6DFE2220-FA49-4249-8834-D79A6D7B91B7} [2013/05/27 17:34:45 | 000,000,000 | ---D | C] -- C:\Users\ekram\AppData\Local\{2F7A6FD4-CBDB-4F6B-A05C-2BBFF3777A4C} [2013/05/27 03:04:11 | 000,000,000 | ---D | C] -- C:\Users\ekram\AppData\Local\{65DF4AB9-82C9-434E-B4A7-2A0AD7B4158E} [2013/05/26 14:58:50 | 000,000,000 | ---D | C] -- C:\Users\ekram\AppData\Local\{7D52D71C-6D0B-499D-BECF-50B805C28F43} [2013/05/25 15:36:30 | 000,000,000 | ---D | C] -- C:\Users\ekram\AppData\Local\{6F581256-F5B1-47B9-B07A-33EF8681F6C3} [2013/05/25 00:58:55 | 000,000,000 | ---D | C] -- C:\Users\ekram\AppData\Local\{51D3096E-D4B9-4FC1-AF63-F567A6299D85} [2013/05/24 11:38:42 | 000,000,000 | ---D | C] -- C:\Users\ekram\AppData\Local\{51412A9B-2DB5-4074-AA5F-310975C4636D} [2013/05/23 21:23:49 | 000,000,000 | ---D | C] -- C:\Users\ekram\AppData\Local\{2C885BBF-27AF-46FD-950A-7FFC3594B775} [2013/05/23 01:25:51 | 000,000,000 | ---D | C] -- C:\Users\ekram\AppData\Local\{79198FD8-9CC4-4C53-930A-FB07118076A0} [2013/05/22 10:22:25 | 000,000,000 | ---D | C] -- C:\Users\ekram\AppData\Local\{04150DF4-633A-42D3-96DF-C9ECF8F40B92} [2013/05/21 13:25:30 | 000,000,000 | ---D | C] -- C:\Users\ekram\AppData\Local\{1A6738D5-2DF3-4786-89EC-CCF7047504EA} [2013/05/20 12:57:25 | 000,000,000 | ---D | C] -- C:\Users\ekram\AppData\Local\{93DFA117-4C9F-40EF-A117-61D9E1306C8B} [2013/05/19 10:26:08 | 000,000,000 | ---D | C] -- C:\Users\ekram\AppData\Local\{871A8D62-7BD0-4685-8986-3E5708F543CA} [2013/05/18 14:18:29 | 000,000,000 | ---D | C] -- C:\Users\ekram\AppData\Local\{8CAC8CFC-C4A1-49E3-B0DB-48A514068AB9} [2013/05/17 20:52:44 | 000,000,000 | ---D | C] -- C:\Users\ekram\AppData\Local\{5B35FC3B-C2A2-4C9A-937D-2DCA824F37DD} [2013/05/17 03:27:06 | 000,000,000 | ---D | C] -- C:\Users\ekram\AppData\Local\{94D12996-5B88-4470-A787-9673DAFA2AFC} [2013/05/17 03:23:21 | 000,000,000 | ---D | C] -- C:\Users\ekram\AppData\Local\{8256A294-BE50-4369-951C-C2B766761B1D} [2013/05/16 14:46:38 | 000,000,000 | ---D | C] -- C:\Users\ekram\AppData\Local\{06D979DB-6C79-46C8-8F6B-7D172E1EF5D0} [2013/05/15 15:07:32 | 000,000,000 | ---D | C] -- C:\Users\ekram\AppData\Local\{0CD14603-129B-489D-B46A-A5345E88329F} [2013/05/15 01:18:36 | 000,000,000 | ---D | C] -- C:\Users\ekram\AppData\Local\{161445D3-F8F7-46C8-95C4-7FA046A1BC81} [2013/05/14 12:51:50 | 000,000,000 | ---D | C] -- C:\Users\ekram\AppData\Local\{1BAC2132-DB90-42E5-8249-CBE84A972B02} [2013/05/14 00:17:05 | 000,000,000 | ---D | C] -- C:\Users\ekram\AppData\Local\{1319E3B4-0D98-4FA3-82B8-6E4078467D25} [2013/05/13 12:16:35 | 000,000,000 | ---D | C] -- C:\Users\ekram\AppData\Local\{BB02DBB0-19F9-4D82-BC53-C70F856A0E77} [2013/05/12 21:45:05 | 000,000,000 | ---D | C] -- C:\Users\ekram\AppData\Local\{D6C22708-4295-400D-B16E-6B4D0DBAF5C1} [2013/05/12 04:33:03 | 000,000,000 | ---D | C] -- C:\Users\ekram\AppData\Local\{938CD7C6-7080-4464-B979-3D1224EF166D} [2013/05/11 13:43:46 | 000,000,000 | ---D | C] -- C:\Users\ekram\AppData\Local\{7AB15F8A-C75D-4ADB-B86A-F5F1CAA3DB2A} [2013/05/11 01:43:18 | 000,000,000 | ---D | C] -- C:\Users\ekram\AppData\Local\{64D07E1D-3965-4957-AC8E-B33ED1952AB3} [2013/05/10 12:02:36 | 000,000,000 | ---D | C] -- C:\Users\ekram\AppData\Local\{565F80DE-29EF-4F41-9DC7-2C3C1AFE1B6E} [2013/05/09 14:09:29 | 000,000,000 | ---D | C] -- C:\Users\ekram\AppData\Local\{D5FA47F6-8873-492E-8BA2-4C8FCF78E2AC} [2013/05/09 02:00:36 | 000,000,000 | ---D | C] -- C:\Users\ekram\AppData\Local\{9B6EC090-E511-4C01-BAD0-EC7D92CDE8E1} [2013/05/08 12:53:43 | 000,000,000 | ---D | C] -- C:\Users\ekram\AppData\Local\{FA0FA15C-B7E8-49B9-BB84-60C3852A44DD} [2013/05/08 00:53:18 | 000,000,000 | ---D | C] -- C:\Users\ekram\AppData\Local\{23BEFB27-208E-4D01-B663-0A910E15B280} [2013/05/07 12:33:46 | 000,000,000 | ---D | C] -- C:\Users\ekram\AppData\Local\{C3666DA5-2B92-4261-8C7F-1B4288A65644} [2013/05/06 12:44:43 | 000,000,000 | ---D | C] -- C:\Users\ekram\AppData\Local\{9ED20639-8490-499D-BAC1-5B9D234A57A1} [2013/05/05 13:55:34 | 000,000,000 | ---D | C] -- C:\Users\ekram\AppData\Local\{4FB98222-C5F8-4E9B-AD3E-BDB97D29B6B8} [2013/05/05 03:28:27 | 000,000,000 | ---D | C] -- C:\Users\ekram\AppData\Local\{206512B0-2749-442C-8B33-7E80B8EBB185} [2013/05/04 23:45:05 | 000,000,000 | ---D | C] -- C:\Users\ekram\AppData\Local\{FF3B9B27-14B6-4DB4-9875-4A24EE2FF444} [2013/05/04 15:59:27 | 000,000,000 | ---D | C] -- C:\Users\ekram\AppData\Local\{0021E0C5-B16B-43A2-9756-1F9207BC8377} [2013/05/04 15:07:28 | 000,000,000 | ---D | C] -- C:\Users\ekram\AppData\Local\{18B5357E-E2F5-4D45-B357-9DA007506E25} [2013/05/04 15:00:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013/05/04 14:58:45 | 000,000,000 | ---D | C] -- C:\Users\ekram\AppData\Local\{52762A78-6961-4209-9C91-FDE210516FDF} [2013/05/04 01:38:30 | 000,000,000 | ---D | C] -- C:\Users\ekram\AppData\Local\{EF56AC98-222F-490E-B57D-A50E559DEC77} [2013/05/03 21:53:23 | 000,000,000 | ---D | C] -- C:\Users\ekram\AppData\Local\{AE3D7CF4-3C84-4868-9399-56544AECD5FB} [2013/05/03 04:32:42 | 000,000,000 | ---D | C] -- C:\Users\ekram\AppData\Local\{5007D0F8-2D04-4AD5-8DBC-DC3BBB07AA1D} [2013/05/02 15:40:29 | 000,000,000 | ---D | C] -- C:\Users\ekram\AppData\Local\{1A115502-0BA1-4364-8B7E-371665AFD7ED} [2013/05/02 00:22:11 | 000,000,000 | ---D | C] -- C:\Users\ekram\AppData\Local\{C1EFC775-3B69-474E-8FB4-6A6A83086B81} [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] [1 C:\Users\ekram\AppData\Local\*.tmp files -> C:\Users\ekram\AppData\Local\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013/05/31 16:58:00 | 000,000,896 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2013/05/31 16:49:07 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1545562978-1526252061-338514493-1000UA.job [2013/05/31 16:32:13 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013/05/31 14:17:15 | 000,000,928 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1545562978-1526252061-338514493-1000UA.job [2013/05/31 13:39:55 | 000,000,856 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1545562978-1526252061-338514493-1000Core.job [2013/05/31 13:37:50 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013/05/31 03:58:00 | 000,000,892 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2013/05/31 03:44:02 | 000,013,872 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/05/31 03:44:02 | 000,013,872 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/05/31 03:33:50 | 000,000,374 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts.ics [2013/05/31 03:33:45 | 000,000,332 | -H-- | M] () -- C:\windows\tasks\CodecUpdaterTask{423C7537-5C02-4DF0-B5B9-104D57D3C06E}.job [2013/05/31 03:33:17 | 3113,136,128 | -HS- | M] () -- C:\hiberfil.sys [2013/05/25 20:17:00 | 000,000,906 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1545562978-1526252061-338514493-1000Core.job [2013/05/25 02:49:57 | 000,002,368 | ---- | M] () -- C:\Users\ekram\Desktop\Google Chrome.lnk [2013/05/24 14:09:39 | 000,802,788 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2013/05/24 14:09:39 | 000,680,822 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2013/05/24 14:09:39 | 000,132,526 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2013/05/16 14:43:45 | 000,418,192 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2013/05/04 01:40:03 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] [1 C:\Users\ekram\AppData\Local\*.tmp files -> C:\Users\ekram\AppData\Local\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013/05/08 20:12:47 | 000,000,928 | ---- | C] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1545562978-1526252061-338514493-1000UA.job [2013/05/08 20:12:47 | 000,000,906 | ---- | C] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1545562978-1526252061-338514493-1000Core.job [2013/05/04 01:40:03 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2011/11/17 14:23:24 | 000,000,000 | ---- | C] () -- C:\Users\ekram\AppData\Local\{5AFFB168-00F3-4879-B15D-15FDB7837194} [2011/06/16 19:59:18 | 000,000,000 | ---- | C] () -- C:\Users\ekram\AppData\Local\{B67CC2B1-84C4-406F-8D20-064D723A7496} [2011/06/11 18:33:23 | 000,000,000 | ---- | C] () -- C:\Users\ekram\AppData\Local\{F065A2BC-F62B-4CA9-9BCC-ED3B52FBE741} [2011/06/11 15:10:05 | 000,000,000 | ---- | C] () -- C:\Users\ekram\AppData\Local\{9DF7363C-E96A-4469-85E1-5854A50A5E0C} [2011/06/10 01:03:55 | 000,000,000 | ---- | C] () -- C:\Users\ekram\AppData\Local\{02B6C680-F9B1-4F5A-90A4-A31BB3740A29} [2011/05/27 09:55:05 | 000,000,000 | ---- | C] () -- C:\Users\ekram\AppData\Local\{A49000CA-A9BA-4FC0-BE40-C96D85150595} [2011/05/02 12:45:05 | 000,000,000 | ---- | C] () -- C:\Users\ekram\AppData\Local\{B45372D3-6E81-45C5-97A6-7BF90CEF0D7B} [2011/03/18 02:35:36 | 000,008,704 | ---- | C] () -- C:\Users\ekram\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/11/03 02:58:20 | 000,000,376 | ---- | C] () -- C:\ProgramData\{691CC1B3-2B87-47BC-9F23-4C6D6FEFE228}_WiseFW.ini [2010/10/06 14:28:25 | 000,000,017 | ---- | C] () -- C:\Users\ekram\AppData\Local\resmon.resmoncfg [2010/09/04 21:51:58 | 000,000,046 | ---- | C] () -- C:\Users\ekram\AppData\Roaming\svighost.dll [color=#E56717]========== ZeroAccess Check ==========[/color] [2009/07/14 12:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 13:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 12:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 09:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 09:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] [color=#E56717]========== LOP Check ==========[/color] [2013/05/30 22:17:31 | 000,000,000 | ---D | M] -- C:\Users\ekram\AppData\Roaming\.Torrent Stream [2010/09/21 11:57:07 | 000,000,000 | ---D | M] -- C:\Users\ekram\AppData\Roaming\Avanquest [2013/03/03 18:34:38 | 000,000,000 | ---D | M] -- C:\Users\ekram\AppData\Roaming\Babylon [2011/04/28 00:18:12 | 000,000,000 | ---D | M] -- C:\Users\ekram\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1 [2013/05/31 03:35:49 | 000,000,000 | ---D | M] -- C:\Users\ekram\AppData\Roaming\BitTorrent [2010/12/10 21:14:36 | 000,000,000 | ---D | M] -- C:\Users\ekram\AppData\Roaming\Gygan [2013/01/09 21:26:15 | 000,000,000 | ---D | M] -- C:\Users\ekram\AppData\Roaming\HTML Executable [2011/03/14 00:18:22 | 000,000,000 | ---D | M] -- C:\Users\ekram\AppData\Roaming\Leadertech [2011/10/15 22:03:34 | 000,000,000 | ---D | M] -- C:\Users\ekram\AppData\Roaming\My Battle for Middle-earth(tm) II Files [2010/12/19 17:21:34 | 000,000,000 | ---D | M] -- C:\Users\ekram\AppData\Roaming\ooVoo Details [2012/01/09 07:24:08 | 000,000,000 | ---D | M] -- C:\Users\ekram\AppData\Roaming\Opera [2011/02/01 21:38:32 | 000,000,000 | ---D | M] -- C:\Users\ekram\AppData\Roaming\Red Alert 3 [2013/01/27 20:04:18 | 000,000,000 | ---D | M] -- C:\Users\ekram\AppData\Roaming\Ubisoft [2013/03/16 18:00:50 | 000,000,000 | ---D | M] -- C:\Users\ekram\AppData\Roaming\Windows Live Writer [2012/08/29 23:09:21 | 000,000,000 | ---D | M] -- C:\Users\ekram\AppData\Roaming\xsecva [2012/01/09 07:25:50 | 000,000,000 | ---D | M] -- C:\Users\ekram\AppData\Roaming\Yandex [2013/05/31 14:23:44 | 000,000,000 | ---D | M] -- C:\Users\ekram\AppData\Roaming\Yontoo [color=#E56717]========== Purity Check ==========[/color] < End of report >